Pdo driver interface/password sensitive param (#874)

Co-authored-by: Sergei Tigrov <[email protected]>
yiisoft · Sep 4, 2024 · e6382dd · e6382dd
1 parent 4b2adc3
commit e6382dd
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 3 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -47,7 +47,7 @@ jobs:
         with:
           php-version: ${{ matrix.php }}
           extensions: ${{ env.extensions }}
-          ini-values: date.timezone='UTC'
+          ini-values: date.timezone='UTC', zend.exception_ignore_args=0
           coverage: pcov
           tools: composer:v2, pecl
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -34,6 +34,7 @@
 - Enh #862: Refactor PHP type of `ColumnSchemaInterface` instances (@Tigrov)
 - Enh #865: Raise minimum PHP version to `^8.1` with minor refactoring (@Tigrov, @vjik)
 - Enh #798: Allow `QueryInterface::one()` and `QueryInterface::all()` to return objects (@darkdef, @Tigrov)
+- Enh #872: Use `#[\SensitiveParameter]` attribute to mark sensitive parameters (@heap-s)
 - Enh #864: Realize column factory (@Tigrov)
 - Enh #875: Ignore "Packets out of order..." warnings in `AbstractPdoCommand::internalExecute()` method (@Tigrov)
 

diff --git a/src/Driver/Pdo/AbstractPdoDriver.php b/src/Driver/Pdo/AbstractPdoDriver.php
@@ -21,7 +21,7 @@ abstract class AbstractPdoDriver implements PdoDriverInterface
     public function __construct(
         protected string $dsn,
         protected string $username = '',
-        protected string $password = '',
+        #[\SensitiveParameter] protected string $password = '',
         protected array $attributes = []
     ) {
     }
@@ -61,7 +61,7 @@ public function getUsername(): string
         return $this->username;
     }
 
-    public function password(string $password): void
+    public function password(#[\SensitiveParameter] string $password): void
     {
         $this->password = $password;
     }

diff --git a/tests/Db/Driver/PDO/PDODriverTest.php b/tests/Db/Driver/PDO/PDODriverTest.php
@@ -62,4 +62,23 @@ public function testGetUsername(): void
 
         $this->assertSame('username', $pdoDriver->getUsername());
     }
+
+    public function testSensitiveParameter(): void
+    {
+        if (PHP_VERSION_ID < 80200) {
+            $this->markTestSkipped('SensitiveParameterValue is not available in PHP < 8.2');
+        }
+        $dsn = 'sqlite::memory:';
+        try {
+            new PDODriver($dsn, password: null);
+        } catch (\TypeError $e) {
+            $this->assertTrue($e->getTrace()[0]['args'][2] instanceof \SensitiveParameterValue);
+        }
+        $pdoDriver = new PDODriver($dsn);
+        try {
+            $pdoDriver->password(null);
+        } catch (\TypeError $e) {
+            $this->assertTrue($e->getTrace()[0]['args'][0] instanceof \SensitiveParameterValue);
+        }
+    }
 }